Thursday, June 17, 2010

Those of you who use Linux for anything more than web browsing (in a university/office) must be aware of the problems a proxy can pose. In many places, as in my institute, you must use a specified proxy server to reach the outside world, and it requires authentication with your credentials.
In my college, a common login registered in a central LDAP server provides all authentication services (used for course registration/fee payments/email/proxy/...). Hence it is very important to protect it. Here I will show one way to keep anyone from easily getting your password.

Network proxy loophole in GNOME:
If you are using GNOME (the default on Fedora/Ubuntu) and you set your proxy details in "System->Preferences->Network Proxy", you open a simple loophole in the settings.
After setting your username/password, open a new terminal and type: echo $http_proxy
Now you can clearly see your password in the output:
http://<user>:<pass>@proxy.com:3128/
Since many people come to your room in college, you can see how simple it is for someone to get your credentials.

Is there a way out:
There may be other ways, but here's the one which I follow. I create a local forwarding proxy server on my own computer and direct all applications to use that proxy. The settings for my proxy server are written in a file readable only by root.
What follows is a step-by-step guide to set it up. Tested on Fedora.

What do I use:
I use a small proxy server, 3proxy; you could also use any other proxy server such as squid. In fact I used to use squid before I came to know of 3proxy (when it was packaged in Fedora). Squid is a much more feature-rich and heavier proxy. When I was using it, it had a bug whereby it would do at least 100 CPU wakeups per second, using precious power on my laptop. This may have been fixed by now.

Installation:
On Fedora systems you can run: yum install 3proxy
A similar command for apt-get may work on Ubuntu (I've never tried).
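
To check the result once the local proxy is in place, here is an added example (not part of the original post) that scans the proxy environment variables for an embedded password, the leak shown by echo $http_proxy above, and checks that a config file is readable only by root. The script name and the config path argument are assumptions; pass whatever path your proxy's configuration actually lives at.

```sh
#!/bin/sh
# Added example (not from the original post): audit proxy credential exposure.

# Succeeds if the URL's authority part contains "user:password@".
proxy_url_has_password() {
    _a="${1#*://}"      # drop the scheme
    _a="${_a%%/*}"      # keep only the authority part
    case "$_a" in *:*@*) return 0 ;; *) return 1 ;; esac
}

# Prints the URL with the password replaced by ****, safe to show or log.
redact_proxy_url() {
    proxy_url_has_password "$1" || { printf '%s\n' "$1"; return 0; }
    case "$1" in *://*) _sch="${1%%://*}://" ;; *) _sch="" ;; esac
    _rest="${1#*://}"
    _auth="${_rest%%/*}"
    _tail=${_rest#"$_auth"}
    printf '%s%s:****@%s%s\n' "$_sch" "${_auth%%:*}" "${_auth##*@}" "$_tail"
}

# Lists every proxy variable that embeds a password; returns 1 if any does.
audit_proxy_env() {
    _found=0
    for _n in http_proxy https_proxy ftp_proxy all_proxy \
              HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY; do
        eval "_v=\${$_n:-}"     # _n only ever comes from the fixed list above
        if [ -n "$_v" ] && proxy_url_has_password "$_v"; then
            echo "LEAK $_n=$(redact_proxy_url "$_v")"
            _found=1
        fi
    done
    return "$_found"
}

# Succeeds if FILE is owned by root with no group/other permission bits.
# Uses GNU stat, as shipped on Fedora and Ubuntu.
config_is_root_only() {
    _s=$(stat -c '%U %a' "$1" 2>/dev/null) || return 2
    [ "${_s% *}" = "root" ] || return 1
    case "${_s#* }" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Usage: sh proxy_audit.sh [path-to-local-proxy-config]
audit_proxy_env || echo "-> move these credentials into the local proxy's config"
if [ -n "${1:-}" ]; then
    config_is_root_only "$1" && echo "OK   $1" || echo "WEAK $1 (want root, 600)"
fi
```

Run it from a freshly opened terminal so it sees the same environment a new shell inherits from the desktop session.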

25 comments:

Good one. It worked for me. I tried it on Ubuntu. The standard Ubuntu repos don't contain 3proxy, so I had to compile the source. One thing I want to say about this: it takes a lot of time to respond, so it's very slow. Maybe the proxy forwarding feature in 3proxy is not properly optimized. So some reputed proxies like squid would be good (and stable too). Can you work on similar settings for the squid proxy server?

Yes sure, 3proxy (squid too) can all do that. I've edited the post to show a way in which it can be done (Blogger's comment system is too bad, it did not accept that text here). See the 3proxy.cfg manual for many more options.
